Question
What I want to do is making my website available via https without getting these browser warning that the site is not trusted. I created an SSL certificate for my domain and configured Apache webserver to use it in default-ssl. Calling my site with https:// works, but in every browser on every device a get the message that no issuer chain was provided. In firefox like:
https://stackoverflow.com/questions/22614952
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianThe certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)
What did I understand wrong with SSL?
Solution
The certificate you get is not directly signed by the Root-CA, but by an intermediate CA, which by itself got signed by the Root-CA. You have to add this intermediate CA to the certificates your server sends to the client, because the client only trusts the Root-CA and does not now the intermediate CA.
The process is described in various places, like https://eldon.me/?p=34
OTHER TIPS
You say Startcom SSL - do you mean the free one? If so - that's a normal and import behavior of these browsers (well your free certificate isn't validated - no prove that this certificate really belongs to you). I actually hope there is no way around that.
Don't get me wrong - CA's have their advantages as well as disadvantages. What you could do for your users is take part in the web of trust, yet it won't help on that topic.
What you personally can do, is view the certificate (when the warning is displayed - don't directly click for a temporary exception) and then, there is an option to permanently save an exception for that certificate.
But you have to do that on every browser (once) and just works for you, every other user visiting the site has to do the same.
